Staff Software Security Engineer

Company: Workrise Technologies Inc
Location: Austin
Posted on: March 17, 2023

Job Description:

Workrise delivers tailored workforce and vendor management solutions backed by the most qualified people in the energy industry. We do this reliably at scale, so customers can confidently execute on the projects in front of them, and focus their time and energy on the goals that drive their business forward.

We are hiring a Staff Software Security Engineer with depth in experience in Product and Application Security. You will work with a team of highly skilled software security engineers to help build security tools and embed security practices and solutions into our product and engineering teams. While this is a strong technical leadership and influential role, you will also have current hands-on experience building, deploying and operating custom product security solutions.

What you'll be doing:

* Collaborate - We are a small team of software security engineers supporting the Workrise Enterprise. You will collaborate and contribute to technical solutions across product, engineering, and SRE, operations and IT. You will help accelerate the vision that security is a partner and enabler helping to bring secure solutions to market faster. You find a path towards scaling security acumen through a Security Champions program. .
* Build - You will be building security solutions to strengthen both our SDLC and application environments. This is a hands-on builder role that will support engineering teams in a micro services environment. You will be both advising and building solutions from API security, secrets management and cryptography, identity management, and service-to-service communication protocols in a service mesh environment.
* Secure - You will lend a hand in running red teams, providing direction and scope for bug bounty programs, and assisting in threat modeling exercises. You will help accelerate teams not only to build secure solutions up front, but also help improve existing legacy systems product security maturity. You will work with our detection team to build robust detection and response to identify application vulnerabilities and intrusions.

Experience and Education Requirements:

* Bachelor's degree in Computer Science, Engineering or related field or equivalent experience
* You must have hands-on coding experience building, deploying and operating solutions. This is a hands-on role building security solutions
* Demonstrated technical leadership with ability to communicate to Junior/Senior engineers and fluidly as with the rest of the business. Ability to build solutions is an important ability to communicate and influence
* Demonstrated experience in Product and Application Security domains
* Minimum of 7 years technical professional experience in a security or software engineering discipline as a development engineer
* 3+ years of experience in threat modeling and security architecture
* 3+ years working in a cloud environment (AWS, GCP)
* 2+ years working with container orchestration services (k8's, Docker, service mesh). You must be comfortable building and deploying full-stack containerized web services
* Demonstrated experience within the security community on open source projects, bug bounty submissions, or similar contributions. Bonus points for open-source collaboration and community presentations
* Ability to work with engineering focused teams to promote safe development practices (e.g. Security Champion)
* Experience with CI/CD tools such as CircleCI, Jenkins, Github Actions
* Demonstrated experience in at least one programming language such as Python, Go, JavaScript, or Rust
* OWASP Top 10 and common application exploits, and techniques should be second nature
* Additional experience preferred, but not required includes:
* Experience with vulnerability management and DevSecOps (SAST, DAST, IAST)
* Experience with identity and entitlements management
* Experience in k8s environments: intrusion detection, mTLS, OPA, istio service mesh, envoy proxy
* SIEM/SOAR: building detections, response, and automating workflows
* Engaging with bug bounty programs
* Exposure to security and compliance, and privacy frameworks such as GDPR, CCPA, ISO27001, NIST CSF
* Demonstrated experience working with web concepts and frameworks. (React, JSX, SPAs, DOM)



More than a job:

At Workrise you can feel good about supporting our mission to serve those who do the hard work. We recognize that making an impact matters to you and we believe in providing an environment that fosters your growth. We use data to drive our decisions and improve the experience of our workers and the clients we serve. With mutual respect for each other, we continually collaborate to find the best solution.

In appreciation for your contributions, we support you with:

* Working alongside talented peers who will bring out the best in you
* The opportunity to significantly impact the growth curve of an already high-growth business
* Benefits for full-time employees, flexible paid time off, 401k with company matching, medical, dental and vision insurance

Workrise is committed to providing an environment where any and all people feel belonging, respected, and free to be their authentic selves. We welcome applicants of all gender identity and expression, sexual orientation, neurodiversity, educational background, religion, ethnicity, disability, age, veteran status, and citizenship. We'd love to learn what you can add to our team.

Who we are:

In 2014, we set out to create a better way to manage and deploy Oil & Gas workers at scale through technology. Over time, we've grown to add Renewables in service of the energy industry.

We're a Series E startup, backed by industry-leading investors Founders Fund, Bedrock Capital, Andreesen Horowitz, and Baillie Gifford. To date, we've placed over 26,000 skilled tradespeople with over 500 businesses and are poised to grow exponentially.

We'd love to share more through the interview process and look forward to learning more about your journey.

To all recruitment agencies: Workrise does not accept agency resumes. Please do not forward resumes to our jobs alias, Workrise employees or any other organization location. Workrise is not responsible for any fees related to unsolicited resumes.

Keywords: Workrise Technologies Inc, Austin , Staff Software Security Engineer, Other , Austin, Texas